DEF CON 23: Humans, The Wall of Sheep, and The Number 23

The scene of DEF CON on August 6th, 2015 at the Paris Hotel in Las Vegas around 6:00am, was filled with an array of hackers and industry professionals alike. What may seem as an unlikely combination, in fact seamlessly combined into a strangely ordered, yet chaotic scene. Hundreds of individuals eagerly waited a few hours in a line that was six people wide, and zigzagged throughout an entire ballroom as they waited for the coveted DEF CON badge. DEF CON has its’ own way of categorizing the attendees: Goons, Humans, and Inhumans. As first time “Humans” at DEF CON, we quickly realized that this ordered chaos/line waiting would be consistent throughout the event.

Although this was a test of patience and required a little bit extra planning on our part, it embodies the culture that is DEF CON. Every year, DEF CON works hard to conjure up an innovative and thought-provoking theme. This year’s theme was the 23 Enigma. As 23 Enigma virgins, it was a compulsive concept that revolves around most events relating to the number 23. Think about it, the Hiroshima Bomb was dropped at 8:15am (8 + 15 = 23) on 8/6/45 (8 + 6 + 4 + 5 = 23). The face of all U.S coins have exactly 23 characters, numbers, and letters. Julius Caesar was stabbed 23 times. One of the talks, even left the 23rd PowerPoint slide intentionally blank in the spirit of the theme.

With so many “Humans” in one place naturally one of the crowd attention grabbers is the Wall of Sheep aka Wall of Shame. The Wall of Sheep’s Mission: To raise security awareness. To accomplish their mission they project the Wall of Sheep onto a large wall showing what can happen to users who are transmitting their usernames and password unencrypted over the open DEF CON network. The spreadsheet clearly displays usernames, partial passwords, and the domain IP address of any user they have managed to gather the information from.

Ming Chow, a Wall of Sheep aficionado since DEF CON 15, illuminated on data capturing and analyzation techniques utilized by the shepherds, in his talk “Tools and Techniques used at the Wall of Sheep.” All the tools Chow discussed are free and open source software (FOSS), including, Wireshark, tcpdump, and dsniff. Since these tools are free and readily available, anybody can download and install them on their personal machine and practice safe computing.

The question then becomes, how do we begin to practice safe computing? It starts by being wary of the networks we connect to on a day to day basis. The Wall of Sheep is a reminder to everyone just how easy it is to become a “sheep” and get your information taken if you aren’t taking the proper steps to protect yourself. This promotes the idea that any sensitive information you are sending through the internet should be properly encrypted so that attackers cannot use the information. Whether you are a cyber security professional, a defense contractor, or an average, everyday individual you should learn how to defend against these attacks.The following 4 recommendations discussed in Ming’s presentation provide a baseline to protecting yourself from becoming a “sheep” and utilizing secure protocol.

This will route all your traffic through a secure tunnel so even unsecure protocols will be protected. Even if you are browsing HTTPS only your device could be automatically transmitting data in the background unsecurely. You can build your own VPN or purchase a reliable VPN.

Having this adds a second level of authentication to log-in. The second factor could be something you have or something you are. This way if the “hackers” got your login and password they will still need or have that third piece of information to log-in.

If you can’t have two-factor authentication, using unique passwords for different accounts will at least help if one of your accounts is compromised.[/two_fourth]

Public Wi-Fi will not encrypt your network traffic so anyone could be snooping on you. Remember “if you wouldn’t say it in public don’t say it without encryption.” The easiest and safest solution is just don’t use a public Wi-Fi network and wait until you get home 🙂

Whether we were standing in line, contemplating the number 23, or snickering at the Wall of Sheep, the consensus was that DEF CON provides an unparalleled experience. The Wall of Sheep may openly display usernames and partial passwords that they discovered, but they do this because, like us, they want a more secure world. All the vulnerablities and explotes DEF CON’s ability to bring a wide range of individuals into an environment and break down the stereotypical labels, ensures and promotes a sense of community and learning amongst unlikely collaborators.